Skip to content
 

Leaking Email Addresses from YourMusic.com

YourMusic.com is an online music service of BMG Direct, Inc. You set up a list of cd’s you’d like to purchase, then you are shipped one CD a month for a steady price (currently at $6.99). I registered with them on Wednesday, November 2, 2005 at 3:40:31pm EST. And I used a unique email address that I generate for any web site I need to register at. I received no email to that address at all, except the one message from YourMusic.com when I first opened the account. After reading their web site materials, I decided to not buy music from them.

On Monday night this week, June 4, 2007, at 11:34pm, I received a spam mail that was sent to the address I used only at YourMusic.com. An email asking if YourMusic is violating their privacy policy, or if they have a rogue employee stealing customer info was not helpfully replied to. They seem to not understand that they have a problem.

The spam came from hot-daily-perks.net. If you go to their web site, you get apparently an IIS error page. If you go to any other URL on the site, you get a kind of 404 error. Their spam had a 146 character (all hex characters) URL in it. I scrambled their hex code to experiment. I suspect if I clicked the ad I would start to get a lot of spam at that address.

The message itself was a HTML monstrosity. It was made up of a 4×4 html table, with each cell containing an image loaded from http://www.bemywoo.com. The image when built was also an ad for BeMyWoo.

The Whois information is where things get a little interesting. The whois for hot-daily-perks.net did not lead anywhere else, except to the Moniker.com registrar.

But the whois for BeMYWoo.com leads to both cliqventures.com and loorebox.com. Their whois info was not too interesting, leading into a circle. Hmm, by looking at their whois info, it appears that the registration info for BeMyWoo, CliqVenture, and Loorebox is invalid, there isn’t a suite listed like there is on the web site.

$ host loorebox.com
loorebox.com has address 69.50.210.58
loorebox.com mail is handled by 0 loorebox.com.

$ host bemywoo.com
bemywoo.com has address 69.50.210.58
bemywoo.com mail is handled by 0 bemywoo.com.

$ host cliqventures.com
cliqventures.com has address 69.50.210.58
cliqventures.com mail is handled by 0 cliqventures.com.

$ host hot-daily-perks.net
hot-daily-perks.net has address 209.51.190.123
hot-daily-perks.net mail is handled by 10 hot-daily-perks.net.

So it appears that the hot-daily-perks.net site hired CliqVenture to be their spammer. hot-daily-perks.net is hosted with Hurricane Electric. CliqVenture is hosted by Atjeu Hosting (atjeu.com). I will be emailing a spam abuse complaint to Atjeu shortly.

3 Comments

  1. laura says:

    thanks for the info.

  2. Mark Konnig says:

    from what you wrote I think its the other way arround It looks like cliqventures hired hot-daily-perks to do their offer since the ad is for bemywoo and they are conected with cliqventures on the same IP

  3. Chris says:

    Yep, I’ve had the exact same problem with YourMusic.com as well. My unique YourMusic.com email has been bombarded with spam for the last week. I really think they have a major problem their with a rogue employee, lax server security or worse they are selling their email lists to spammers. I hope this doesn’t become more wise spread.